[PATCH] drm/virtio: fix OOB in virtio_gpu_object_create
Gerd Hoffmann
kraxel at redhat.com
Thu Mar 19 11:02:30 UTC 2020
On Thu, Mar 19, 2020 at 11:04:21AM +0100, Jiri Slaby wrote:
> After commit f651c8b05542, virtio_gpu_create_object allocates too small
> space to fit everything in. It is because it allocates struct
> virtio_gpu_object, but should allocate a newly added struct
> virtio_gpu_object_shmem which has 2 more members.
>
> So fix that by using correct type in virtio_gpu_create_object.
>
> Signed-off-by: Jiri Slaby <jslaby at suse.cz>
> Fixes: f651c8b05542 ("drm/virtio: factor out the sg_table from virtio_gpu_object")
> Cc: Gurchetan Singh <gurchetansingh at chromium.org>
> Cc: Gerd Hoffmann <kraxel at redhat.com>
That was fast. Yes, exactly this. Pushed to drm-misc-next.
thanks,
Gerd
More information about the dri-devel
mailing list